Beispiel #1
0
func main() {
	cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
	if err != nil {
		log.Fatalf("server : loadkeys :%s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader

	service := "127.0.0.1:10000"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server : listen: %s", err)
	}
	log.Print("server: listening")
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Panicf("server:accept :%s", err)
			break
		}
		log.Printf("server : accepted from %s", conn.RemoteAddr())
		go handleClient(conn)
	}
}
func (s *Server) Serve() error {

	var tlsconfig tls.Config
	tlsconfig.MinVersion = tls.VersionTLS10

	cert, err := tls.LoadX509KeyPair(s.SSLCertificate, s.SSLKey)
	if err != nil {
		return fmt.Errorf("Failed loading client ssl certificate: %s", err)
	}
	tlsconfig.Certificates = []tls.Certificate{cert}

	tlsconfig.Rand = rand.Reader
	service := fmt.Sprintf("0.0.0.0:%s", s.Port)
	listener, err := tls.Listen("tcp", service, &tlsconfig)
	if err != nil {
		return err
	}

	log.Print("server: listening")
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		defer conn.Close()
		log.Printf("server: accepted from %s", conn.RemoteAddr())
		go s.handleClient(conn)
	}
	return nil
}
Beispiel #3
0
func main() {
	cert, err := tls.LoadX509KeyPair("../certs/CARoot.crt", "../certs/CARoot.key")
	if err != nil {
		log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader
	service := "0.0.0.0:9999"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server: listen: %s", err)
	}
	log.Print("server: listening")
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		defer conn.Close()
		log.Printf("server: accepted from %s", conn.RemoteAddr())
		tlscon, ok := conn.(*tls.Conn)
		if ok {
			log.Print("ok=true")
			state := tlscon.ConnectionState()
			for _, v := range state.PeerCertificates {
				log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
			}
		}
		handleClient(conn)
	}
}
Beispiel #4
0
// TLS server that prints out the certs provided by
// the connecting client, and does a simple echo
func main() {

	// Load certs, config, and start listening
	cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
	if err != nil {
		log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
	config.Rand = rand.Reader
	service := "0.0.0.0:8000"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server: listen: %s", err)
	}
	log.Print("server: listening")

	// Infinite listen loop. Create goroutine for each client
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		log.Printf("server: accepted from %s", conn.RemoteAddr())
		go handleClient(conn)
	}

}
Beispiel #5
0
func StartServer() *Server {
	bin := GetBinDir()
	var cert tls.Certificate
	var err error
	for cert, err = tls.LoadX509KeyPair(bin+"cert.pem", bin+"key.pem"); err != nil; {
		MakeCert("127.0.0.1")
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader
	service := ":10234"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server: listen: %s", err)
	}
	s := Server{
		make(map[string][]byte),
		sync.Mutex{},
		//make(map[string][]byte),
		//sync.RWMutex{},
		make(map[string]*User),
		sync.RWMutex{},
		make(map[string]*File),
		listener,
		make(chan *Packet, 10), //Channel for incoming messages
		make(chan *Packet, 10), //Channel for parsed messages to be sent
		NewLog(64),
	}
	s.LoginPrompt()
	return &s
}
Beispiel #6
0
func main() {
	cert, err := tls.LoadX509KeyPair("C:\\Users\\Marcelle\\git\\huuzlee\\go\\AA_NET\\go-ssl\\certs\\server.pem", "certs/server.key")
	if err != nil {
		log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader
	service := "0.0.0.0:8000"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server: listen: %s", err)
	}
	log.Print("server: listening")
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		defer conn.Close()
		log.Printf("server: accepted from %s", conn.RemoteAddr())
		tlscon, ok := conn.(*tls.Conn)
		if ok {
			log.Print("ok=true")
			state := tlscon.ConnectionState()
			for _, v := range state.PeerCertificates {
				log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
			}
		}
		go handleClient(conn)
	}
}
Beispiel #7
0
//func ListenTls(port string, initiate bool, delay int, certname string, keyname string, verbose bool) {
func ListenTls(settings config.Settings) {
	c, err := exists(settings.CertName)
	k, err := exists(settings.KeyName)
	if !c {
		log.Printf("Cert file doesnt exist! %s", err)
		GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
	} else if !k {
		log.Printf("Key file doesnt exist! %s", err)
		GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
	}

	cert, err := tls.LoadX509KeyPair(settings.CertName, settings.KeyName)
	if err != nil {
		log.Fatalf("TLS: loadkeys: %s", err)
	}
	conf := tls.Config{Certificates: []tls.Certificate{cert}} //, ClientAuth: tls.RequireAnyClientCert}
	conf.Rand = rand.Reader
	service := GetAddress(settings, "0.0.0.0")
	listener, err := tls.Listen("tcp", service, &conf)
	if err != nil {
		log.Fatalf("TLS: listen error: %s", err)
	}
	log.Printf("TLS: listening on %s", service)
	i := 0
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("TLS: accept: %s", err)
			break
		}
		log.Printf("TLS: accepted from %s", conn.RemoteAddr())
		TlsService(conn, settings)
		i = i + 1
	}
}
Beispiel #8
0
func (s *ConnectionXMPPSuite) Test_Dial_worksIfTheHandshakeSucceedsButFailsOnInvalidCertHash(c *C) {
	rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
	conn := &fullMockedConn{rw: rw}
	var tlsC tls.Config
	tlsC.Rand = fixedRand([]string{
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F",
		"000102030405060708090A0B0C0D0E0F",
	})

	d := &dialer{
		JID:           "*****@*****.**",
		password:      "******",
		serverAddress: "www.olabini.se:443",
		verifier:      &basicTLSVerifier{[]byte("aaaaa")},

		config: data.Config{
			TLSConfig: &tlsC,
		},
	}
	_, err := d.setupStream(conn)

	c.Assert(err.Error(), Equals, "tls: server certificate does not match expected hash (got: 82454418cb04854aa721bb0596528ff802b1e18a4e3a7767412ac9f108c9d3a7, want: 6161616161)")
}
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceedsButSucceedsOnValidCertHash(c *C) {
	rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
	conn := &fullMockedConn{rw: rw}
	var tlsC tls.Config
	tlsC.Rand = fixedRand([]string{
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F",
		"000102030405060708090A0B0C0D0E0F",
	})

	d := &dialer{
		JID:           "*****@*****.**",
		password:      "******",
		serverAddress: "www.olabini.se:443",
		verifier:      &basicTLSVerifier{bytesFromHex("82454418cb04854aa721bb0596528ff802b1e18a4e3a7767412ac9f108c9d3a7")},

		config: data.Config{
			TLSConfig: &tlsC,
		},
	}
	_, err := d.setupStream(conn)

	c.Assert(err, Equals, io.EOF)
}
func ServerTLSListen(service string, f func(conn net.Conn)) {

	// Load x509 certificates for our private/public key, makecert.sh will
	// generate them for you.

	cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
	if err != nil {
		log.Fatalf("server: loadkeys: %s", err)
	}
	// Note if we don't tls.RequireAnyClientCert client side certs are ignored.
	config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
	config.Rand = rand.Reader
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server: listen: %s", err)
	}
	log.Print("server: listening")
	// Keep this loop simple/fast as to be able to handle new connections
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		log.Printf("server: accepted from %s", conn.RemoteAddr())
		// Fire off go routing to handle rest of connection.
		go handleClient(conn, f)
	}
}
Beispiel #11
0
func main() {
	random, _ := os.Open("/dev/urandom", os.O_RDONLY, 0)
	pembytes := readEntireFile("/home/kris/SSL/gr0g.crt")
	cert, _ := pem.Decode(pembytes)
	keybytes := readEntireFile("/home/kris/SSL/gr0g.key")
	pk, _ := pem.Decode(keybytes)

	privatekey, _ := x509.ParsePKCS1PrivateKey(pk.Bytes)

	config := new(tls.Config)
	config.Certificates = make([]tls.Certificate, 1)
	config.Certificates[0].Certificate = [][]byte{cert.Bytes}
	config.Certificates[0].PrivateKey = privatekey
	config.Rand = random
	//config.RootCAs = caset
	config.Time = time.Seconds
	listener, err := tls.Listen("tcp", "0.0.0.0:8443", config)

	fmt.Printf("%s\n", err)
	for {
		conn, _ := listener.Accept()
		go func() {
			for {
				buf := make([]byte, 1024)
				_, err := conn.Read(buf)
				if err != nil {
					return
				}
				fmt.Printf("%s", buf)
			}
		}()
	}
}
Beispiel #12
0
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceeds(c *C) {
	rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
	conn := &fullMockedConn{rw: rw}
	var tlsC tls.Config
	tlsC.Rand = fixedRand([]string{
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F",
		"000102030405060708090A0B0C0D0E0F",
	})

	d := &dialer{
		JID:           "*****@*****.**",
		password:      "******",
		serverAddress: "www.olabini.se:443",
		verifier:      &basicTLSVerifier{},

		config: data.Config{
			TLSConfig: &tlsC,
		},
	}
	_, err := d.setupStream(conn)

	c.Assert(err, Equals, io.EOF)
	c.Assert(string(rw.write), Equals, ""+
		"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
		"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
		"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1c\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
		"\x00\x9c\x00\x9d\x00/\x005\xc0\x12\x00\n"+
		"\x01\x00\x00M\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
		"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
		"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00(\x00\x00\x00\x00\x00\x00\x00\x00j\xc9\xd4\xef'\xc2ڲ6e\x88JD$\x9d\x15O\x80\x15\u0099-.(T\x99\xb3\xbf\x869~\x11\x17\x03\x03\x00\xa5\x00\x00\x00\x00\x00\x00\x00\x01W'*.\vz\x85%%E\xee\x119\x82\xe4\xfe\xf5o\x111m|\x8d\xbb ģ\x06\xf2a_M\xd3\xebޤ:\xe3\x00\x92A\xd6\\\xa7\xce<\"F?tr\xbc1gȮD\\ՎG\xe7\x9e\xc8\u007f\x9e\x1eD\xdbJ&\xe5T2b\xa5J\xc9\xc99\"Ek\xc0\x0fa\xf4\x9b*\xb1\x9a\x10^^(\x8f\x1b\x8b\xdd\x04\xe8\xe6\xf5\xb6+V\x1d\xd7\xeb512\xc0*\x8e7\x15\xdd\t\x04\x1d-#\xf8\x9d^\x16k\xa4\x1d\xe0s\x90E\x8cNG\x93\xb0\xd5]\x1d\x01B\xe9\x18T\xc7@\x11\x1a\x17\xe3\xb9b\x19\x1a")
}
Beispiel #13
0
func main() {
	cert, err := tls.LoadX509KeyPair("jan.newmarch.name.pem", "private.pem")
	checkError(err)

	config := tls.Config{Certificates: []tls.Certificate{cert}}

	now := time.Now()
	config.Time = func() time.Time { return now }
	config.Rand = rand.Reader

	service := "192.168.1.105:1200"

	listenter, err := tls.Listen("tcp", service, &config)
	checkError(err)
	fmt.Println("Listening")
	for {
		conn, err := listenter.Accept()
		if err != nil {
			fmt.Println(err.Error())
			continue
		}
		fmt.Println("Accepted")
		go handleClient(conn)
	}
}
Beispiel #14
0
func main() {

	cert, err := tls.LoadX509KeyPair("server.pem", "server.key")

	if err != nil {
		panic("Error loading X509 Key Pair")
	}

	config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
	config.Rand = rand.Reader

	service := ":1201"
	listener, err := tls.Listen("tcp", service, &config)
	checkError(err)
	clientId = 0

	for {
		conn, err := listener.Accept()
		if err != nil {
			continue
		}
		client := Client{clientId, conn}
		clientList.Add(&client)
		clientId++

		// run as a goroutine
		go handleClient(client)
	}
}
Beispiel #15
0
func NetInitTls(quit chan int, gameLogic func(*Client), port int, readDeadline, writeDeadline time.Duration, certFile, keyFile string) error {
	initMutex.Lock()
	if normalTcp {
		initMutex.Unlock()
		return errors.New("Alrealdy inited as normal tcp")
	}
	if tlsTcp {
		initMutex.Unlock()
		return errors.New("Can not init twice")
	}
	tlsTcp = true
	initMutex.Unlock()

	Clients = make(map[int]*Client)

	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return err
	}

	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader

	go socketTlsListener(quit, gameLogic, port, readDeadline, writeDeadline, &config)

	return nil
}
Beispiel #16
0
//run starts the webserver
func (v *Vault) startServer() error {
	glog.Infof("Starting local server\n")
	router := gin.New()
	//TODO initialize configurations, correct middlewares, https/http
	router.Use(ginglog.Logger(5)) //5 seconds
	router.Use(gin.Recovery())

	//setting up https by default
	var tlsConfig = tls.Config{}
	keypair, err := tls.LoadX509KeyPair(v.config["tlsCertfilePath"], v.config["tlsKeyfilePath"])
	if err != nil {
		fmt.Printf("ERR: Could not load X509 KeyPair, caused by: %s\n", err)
		os.Exit(1) //exit explicitely as we choose a fail fast approach
	}
	tlsConfig.Certificates = []tls.Certificate{keypair}
	tlsConfig.NextProtos = []string{"http/1.1"}
	tlsConfig.Rand = rand.Reader

	router.GET("/secret/:appID", v.getSecret)
	serve := &http.Server{
		Addr:      fmt.Sprintf(":%s", v.config["serverPort"]),
		Handler:   router,
		TLSConfig: &tlsConfig,
	}
	err = serve.ListenAndServe()
	if err != nil {
		glog.Errorf("Cannot start server for Cubbyhole tokens distribution\n")
	}
	return err
}
Beispiel #17
0
func (l *TLSLog) initConfig(config *tls.Config) {
	l.log = ""
	l.logRand = newLogRand(config.Rand)
	config.Rand = l.logRand
	config.SessionTicketsDisabled = false
	if config.ClientSessionCache == nil {
		config.ClientSessionCache = tls.NewLRUClientSessionCache(1)
	}
}
Beispiel #18
0
func main() {
	ca_b, err := ioutil.ReadFile("../../autogen/key/cacert.der")
	if err != nil {
		fmt.Println("read cacert.der failed: ", err)
		return
	}
	ca, err := x509.ParseCertificate(ca_b)
	if err != nil {
		fmt.Println("parse cacert.der failed: ", err)
		return
	}

	priv_b, err := ioutil.ReadFile("../../autogen/key/cakey.der")
	if err != nil {
		fmt.Println("read cakey.der failed: ", err)
		return
	}

	priv, err := x509.ParsePKCS1PrivateKey(priv_b)
	if err != nil {
		fmt.Println("parse cakey.der failed: ", err)
		return
	}

	pool := x509.NewCertPool()
	pool.AddCert(ca)

	cert := tls.Certificate{
		Certificate: [][]byte{ca_b},
		PrivateKey:  priv,
	}

	config := tls.Config{
		ClientAuth:   tls.NoClientCert,
		Certificates: []tls.Certificate{cert},
		ClientCAs:    pool,
	}

	config.Rand = rand.Reader
	service := "0.0.0.0:9999"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		fmt.Printf("tls.listen() failed: %s\n", err)
	}
	fmt.Println("server: listening")

	for {
		conn, err := listener.Accept()
		if err != nil {
			fmt.Printf("server: accept: %s\n", err)
			break
		}
		defer conn.Close()
		fmt.Printf("server: accepted from %s\n", conn.RemoteAddr())
		go process_connection(conn)
	}
}
Beispiel #19
0
func getTLSListener(listenAddress string) (net.Listener, error) {
	cert, err := loadCertificate()
	if err != nil {
		return nil, err
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader

	return tls.Listen("tcp", listenAddress, &config)
}
Beispiel #20
0
func GetSocket(cfg *ini.Section) (net.Conn, error) {
	var conn net.Conn
	var err error

	host := cfg.Key("host").String()
	port := cfg.Key("port").String()

	address := host + ":" + port
	if _, err = net.ResolveTCPAddr("tcp", address); err != nil {
		return nil, err
	}

	if cfg.Key("ssl").MustBool() {
		key := cfg.Key("sslcert").String()
		private := cfg.Key("sslkey").String()

		cert, err := tls.LoadX509KeyPair(key, private)
		if err != nil {
			err = errors.New("Error when loading SSL certificate: " + err.Error())
			return nil, err
		}

		caCert, err := ioutil.ReadFile(key)
		if err != nil {
			return nil, err
		}
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)

		config := tls.Config{
			RootCAs:      caCertPool,
			Certificates: []tls.Certificate{cert},
		}

		now := time.Now()
		config.Time = func() time.Time { return now }
		config.Rand = rand.Reader

		conn, err = tls.Dial("tcp", address, &config)
		if err != nil {
			return nil, err
		}

	} else {
		conn, err = net.Dial("tcp", address)
		if err != nil {
			return nil, err
		}
	}

	return conn, err
}
Beispiel #21
0
func main() {
	pem = "cert.pem"
	key = "cert.key"
	if _, err := os.Stat(pem); os.IsNotExist(err) {
		if _, err := os.Stat(key); os.IsNotExist(err) {
			fmt.Println("no certs found, generating new self signed certs.")
			genCert()
		}
	}
	if _, err := os.Stat(key); err == nil {
		ca_b, _ := ioutil.ReadFile(pem)
		ca, _ := x509.ParseCertificate(ca_b)
		priv_b, _ := ioutil.ReadFile(key)
		priv, _ := x509.ParsePKCS1PrivateKey(priv_b)
		pool := x509.NewCertPool()
		pool.AddCert(ca)

		cert := tls.Certificate{
			Certificate: [][]byte{ca_b},
			PrivateKey:  priv,
		}

		config := tls.Config{
			Certificates: []tls.Certificate{cert},
			//MinVersion:   tls.VersionSSL30, //don't use SSLv3, https://www.openssl.org/~bodo/ssl-poodle.pdf
			MinVersion: tls.VersionTLS10,
			//MinVersion:   tls.VersionTLS11,
			//MinVersion:   tls.VersionTLS12,
		}
		config.Rand = rand.Reader
		port := ":4443"
		listener, err := tls.Listen("tcp", port, &config)
		if err != nil {
			log.Fatalf("https: listen: %s", err)
		}
		log.Printf("https: listening on %s", port)

		for {
			conn, err := listener.Accept()
			if err != nil {
				log.Printf("https: accept: %s", err)
				break
			}
			defer conn.Close()
			log.Printf("https: accepted from %s to %s", conn.RemoteAddr(), port)
			go handleClient(conn)
		}
	} else {
		log.Fatalf("https: NO CERT FOUND")
	}
}
Beispiel #22
0
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceeds(c *C) {
	rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
	conn := &fullMockedConn{rw: rw}
	var tlsC tls.Config
	tlsC.Rand = fixedRand([]string{
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
		"000102030405060708090A0B0C0D0E0F",
		"000102030405060708090A0B0C0D0E0F",
	})

	d := &dialer{
		JID:           "*****@*****.**",
		password:      "******",
		serverAddress: "www.olabini.se:443",
		verifier:      &basicTLSVerifier{},

		config: data.Config{
			TLSConfig: &tlsC,
		},
	}
	_, err := d.setupStream(conn)

	c.Assert(err, Equals, io.EOF)
	if isVersionOldish() {
		c.Assert(string(rw.write), Equals, ""+
			"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x8c\x01\x00\x00\x88\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1a\xc0/\xc0+\xc0\x11\xc0\a\xc0\x13\xc0\t\xc0\x14\xc0\n"+
			"\x00\x05\x00/\x005\xc0\x12\x00\n"+
			"\x01\x00\x00E\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
			"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\n"+
			"\x00\b\x04\x01\x04\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
			"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00@\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0fL\x86\xb5⌍\xfe\xc77\x8b\x01\x18\xces\xf4\x01S\xcbI9\t \x9e1\xe6U\n"+
			"\xff\xa67\xe4,Z\x05\x9e\xcfՈ\xfd-ڰ\x9dn\xac[Ud\x17\x03\x03\x00\xc0\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0f\xd6|\xd9h1\xb4}ȹ\x80\xe7]\xbf\b\xe5Ю~N\x11n(Ӯ`\xcd\xfb\xc4E1Ѧ\xa0d\x83#?\b\xde\x1bp5@\x94\xe8\x89\xc0\xdb.\x03pd\xa6&|\xa2\xd8\f6\x91\a\xeb6G\xe5\xe1@\x02a\x89\x95@\x81\x0e\x161Dy\xf1N\xbf4\xf1\x93\xa4\xd2\xfc\xb6JZi\xb5\b\x13\xb7{n\\\xd6\x15M!\xe5\x10\xdc\x15\xbb\xab\xc0'\x11\xf6\xb8\xfa\x82I\x18\x96\xe1>\xa1\xa6GT\x1cy\x94X\xa7\xfa\x9c\xf5\xa8\xe8\t\xc8\xf5I\xce\xd9\xd8<\xf8\x9d\x93\xf8\x9b\xdd8\xbbIdVP\x0f\x88\x05{\x9b\x84Z\x82\x91\x9e4\x91}\x97nZ\xa2n\xfe.#?")
	} else {
		c.Assert(string(rw.write), Equals, ""+
			"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x92\x01\x00\x00\x8e\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x18\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
			"\x00/\x005\xc0\x12\x00\n"+
			"\x01\x00\x00M\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
			"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
			"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00(\x00\x00\x00\x00\x00\x00\x00\x00~nq\xd7\x04\\\x97\xdfR\f\xd5Aѥ\xf3\t>\x81P\xc0\xffO\xc2\xd9`\xf3\u0094\xb3\x14\x04\x90\x17\x03\x03\x00\xa5\x00\x00\x00\x00\x00\x00\x00\x01\x1c3\xb8T0zp\x01\xe2P\xffI\xec\x1d a^w\x94\xf2+\xd6\xc7\xd8\x10\x108`\x9f\x98h(\x1f\xf0\xd5\xd0\U000163fb\x9d\x98\xd5s\xc36\xe6\x9bR\x88\x9d\xb7/#\x18^!1\x06\x90;#\x04\u03a2\x9djf\xd5\xd8:\x05+\x10T\x1a\x00\xd1\xc1\xe6\xd9V\xeb\xb6p+\xfa\xa3`\x92\xc0Z\xd3\xe6}K;\x02\xfc\xc9\u0530\x0f\xbd\xeeX\xf8\xf7\xdf\x16\x05q9\xecat\x80\x97\x80\xa0\x1fŊ\xa7\n"+
			"\x9e\xfaڣ\xae\xeb\xc0k\n"+
			"\x14\"\xb1N\x89{\x90z\xaf\xbeCP\xfd\x98\x9b\x13v\x14\xe9\xd1\x1f\x9e\x96")
	}
}
Beispiel #23
0
func StartListenSSL() {

	if myopt.ListenSSL == "" {
		return
	}

	var err error
	certFile := myopt.CrtFile
	keyFile := myopt.PemFile

	cert, err := tls.LoadX509KeyPair(certFile, keyFile)

	if err != nil {
		Log("LoadX509KeyPair:", myopt.PemFile, myopt.CrtFile, err)
		return
	}

	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader

	addr := myopt.ListenSSL
	lstn, err := tls.Listen("tcp", addr, &config)
	if err != nil {
		Log("Listen:", err)
		return
	}

	Log("SSL Listening on", addr)

	l := lstn
	for {
		srcConn, err := l.Accept()
		if err != nil {
			Log("SSL Accept:", err)
			break
		}
		c, err := newConn(srcConn)
		if err != nil {
			Log("SSL newConn:", err)
			continue
		}
		c.Name = "SSL " + srcConn.RemoteAddr().String()
		c.isSSL = true
		go c.serve()
	}
	return

}
Beispiel #24
0
func InitListener() net.Listener {
	cert, err := tls.LoadX509KeyPair("config/server.pem", "config/server.key")
	if err != nil {
		checkErr(err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
	config.Rand = rand.Reader
	service := "0.0.0.0:" + PORT
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		checkErr(err)
	}
	log.Printf("\n======================\nGBServer: Listening...\n======================\n")
	return listener
}
Beispiel #25
0
func (s *ConnectionXmppSuite) Test_Dial_failsWhenStartingAHandshake(c *C) {
	rw := &mockConnIOReaderWriter{read: []byte(
		"<?xml version='1.0'?>" +
			"<str:stream xmlns:str='http://etherx.jabber.org/streams' version='1.0'>" +
			"<str:features>" +
			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>" +
			"</starttls>" +
			"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" +
			"<mechanism>PLAIN</mechanism>" +
			"</mechanisms>" +
			"</str:features>" +
			"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>",
	)}
	conn := &fullMockedConn{rw: rw}
	var tlsC tls.Config
	tlsC.Rand = fixedRand([]string{"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"})

	d := &dialer{
		JID:      "user@domain",
		password: "******",
		config: data.Config{
			TLSConfig: &tlsC,
		},
	}
	_, err := d.setupStream(conn)

	c.Assert(err, Equals, io.EOF)
	if isVersionOldish() {
		c.Assert(string(rw.write), Equals, ""+
			"<?xml version='1.0'?><stream:stream to='domain' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x84\x01\x00\x00\x80\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1a\xc0/\xc0+\xc0\x11\xc0\a\xc0\x13\xc0\t\xc0\x14\xc0\n"+
			"\x00\x05\x00/\x005\xc0\x12\x00\n"+
			"\x01\x00\x00=\x00\x00\x00\v\x00\t\x00\x00\x06domain\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
			"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\n"+
			"\x00\b\x04\x01\x04\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00",
		)
	} else {
		c.Assert(string(rw.write), Equals, ""+
			"<?xml version='1.0'?><stream:stream to='domain' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x8a\x01\x00\x00\x86\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
			"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x18\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
			"\x00/\x005\xc0\x12\x00\n"+
			"\x01\x00\x00E\x00\x00\x00\v\x00\t\x00\x00\x06domain\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
			"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00",
		)
	}
}
Beispiel #26
0
// Starttls
func (s *SMTPServerSession) smtpStartTLS() {
	if s.tls {
		s.out("454 - transaction is already over SSL/TLS")
		s.SMTPResponseCode = 454
		return
	}
	//s.out("220 Ready to start TLS")
	cert, err := tls.LoadX509KeyPair(path.Join(GetBasePath(), "ssl/server.crt"), path.Join(GetBasePath(), "ssl/server.key"))
	if err != nil {
		msg := "TLS failed unable to load server keys: " + err.Error()
		s.logError(msg)
		s.out("454 " + msg)
		s.SMTPResponseCode = 454
		return
	}

	tlsConfig := tls.Config{
		Certificates:       []tls.Certificate{cert},
		InsecureSkipVerify: true,
	}
	tlsConfig.Rand = rand.Reader

	s.out("220 Ready to start TLS nego")
	s.SMTPResponseCode = 220

	//var tlsConn *tls.Conn
	//tlsConn = tls.Server(client.socket, TLSconfig)
	s.connTLS = tls.Server(s.conn, &tlsConfig)
	// run a handshake
	// errors.New("tls: unsupported SSLv2 handshake received")
	err = s.connTLS.Handshake()
	if err != nil {
		msg := "454 - TLS handshake failed: " + err.Error()
		s.SMTPResponseCode = 454
		if err.Error() == "tls: unsupported SSLv2 handshake received" {
			s.log(msg)
		} else {
			s.logError(msg)
		}
		s.out(msg)
		return
	}
	s.log("connection upgraded to " + tlsGetVersion(s.connTLS.ConnectionState().Version) + " " + tlsGetCipherSuite(s.connTLS.ConnectionState().CipherSuite))
	//s.conn = net.Conn(tlsConn)
	s.conn = s.connTLS
	s.tls = true
	s.seenHelo = false
}
Beispiel #27
0
func (server *SMTPServer) RespondToStartTLS(conn net.Conn, input *bufio.Reader, output *bufio.Writer) (*tls.Conn, *bufio.Reader, *bufio.Writer) {
	output.WriteString("220 Go ahead\r\n")
	output.Flush()

	server.CurrentDelivery.UsedTLS = true

	cert, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
	if err != nil {
		log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Rand = rand.Reader
	tlsConn := tls.Server(conn, &config)

	return tlsConn, bufio.NewReader(tlsConn), bufio.NewWriter(tlsConn)
}
Beispiel #28
0
func ListenerEnableTLS(listener net.Listener, tlsCfg *TlsCfg) net.Listener {
	//openssl genrsa -out server.key 1024
	//openssl req -new -key server.key -out csr.pem
	//openssl x509 -req -in csr.pem -signkey server.key -out cert.pem
	pwd, err := os.Getwd()
	glog.V(KGlogLevel).Infof("pwd: %v\n", pwd)
	//fmt.Printf("pwd: %v\n", pwd)
	//	cert, err := tls.LoadX509KeyPair("./src/utilx/cert.pem", "./src/utilx/server.key")
	cert, err := tls.LoadX509KeyPair(tlsCfg.Pem, tlsCfg.Key)
	if err != nil {
		glog.Fatalf("server: loadkeys: %s", err)
		//log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader
	listen := tls.NewListener(listener, &config)
	return listen
}
func getServerConfig() *tls.Config {
	capool := x509.NewCertPool()
	if ok := capool.AppendCertsFromPEM([]byte(ca_s)); !ok {
		panic("Cannot add cert")
	}

	cert, err := tls.X509KeyPair([]byte(cert1_s), []byte(priv1_s))
	if err != nil {
		panic(err)
	}

	config := tls.Config{
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{cert},
		ClientCAs:    capool,
	}
	config.Rand = rand.Reader

	return &config
}
Beispiel #30
0
func ConnectTls(settings config.Settings) {
	c, err := exists(settings.CertName)
	if !c {
		log.Printf("Cert file doesnt exist! %s", err)
		GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
	}
	//TODO client certs

	addr := GetAddress(settings, "127.0.0.1")
	log.Printf("Starting TLS connection to %s", addr)
	i := -1
	//only one at once. -1 represents 'forever'
	conf := tls.Config{
		//Certificates: []tls.Certificate{cert},
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_RC4_128_SHA,
			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
		InsecureSkipVerify: true}
	conf.Rand = rand.Reader
	for i < settings.MaxReconnects || settings.MaxReconnects < 0 {
		conn, err := tls.Dial("tcp", addr, &conf)
		if err != nil {
			log.Printf("error connecting: %s", err.Error())
		} else {
			if settings.Verbose {
				log.Printf("Connected")
			}
			//same thread (prevent program exit)
			ch := make(chan int, 100)
			EchoService(conn, settings, ch)
			foo, ok := <-ch
			log.Printf("response ok: %b, code: %d", ok, foo)
		}
		i++
	}
	log.Printf("Finished after %d connections", i+1)
}